Creating security group default rules
POST /v2.0/default-security-group-rules
Create a security group rule template.
The security group rule template API does not validate the UUIDs passed in remote_address_group_id and remote_group_id. Specifying the UUID of a nonexistent security group or remote address group causes errors later, during security group creation.
Source: https://docs.openstack.org/api-ref/network/v2/index.html#create-security-group-default-rule
Request
Parameters
| Name | In | Type | Description |
|---|---|---|---|
| default_security_group_rule | body | object | A default_security_group_rule object. |
| description (Optional) | body | string | A human-readable description for the resource. Default is an empty string. |
| remote_group_id (Optional) | body | string | The remote group UUID to associate with this security group rule. You can specify either the remote_group_id or remote_ip_prefix attribute in the request body. |
| direction | body | string | Ingress or egress, which is the direction in which the security group rule is applied. |
| protocol (Optional) | body | string | The IP protocol can be represented by a string, an integer, or null. Valid string or integer values are any or 0, ah or 51, dccp or 33, egp or 8, esp or 50, gre or 47, icmp or 1, icmpv6 or 58, igmp or 2, ipip or 4, ipv6-encap or 41, ipv6-frag or 44, ipv6-icmp or 58, ipv6-nonxt or 59, ipv6-opts or 60, ipv6-route or 43, ospf or 89, pgm or 113, rsvp or 46, sctp or 132, tcp or 6, udp or 17, udplite or 136, vrrp or 112. Additionally, any integer value between [0-255] is also valid. The string any (or integer 0) means all IP protocols. |
| ethertype (Optional) | body | string | Must be IPv4 or IPv6, and addresses represented in CIDR must match the ingress or egress rules. |
| port_range_max (Optional) | body | integer | The maximum port number in the range that is matched by the security group rule. If the protocol is TCP, UDP, DCCP, SCTP or UDP-Lite this value must be greater than or equal to the port_range_min attribute value. If the protocol is ICMP, this value must be an ICMP code. |
| port_range_min (Optional) | body | integer | The minimum port number in the range that is matched by the security group rule. If the protocol is TCP, UDP, DCCP, SCTP, or UDP-Lite, this value must be less than or equal to the port_range_max attribute value. If the protocol is ICMP, this value must be an ICMP type. |
| remote_ip_prefix (Optional) | body | string | The remote IP prefix that is matched by this security group rule. |
| used_in_default_sg | body | boolean | Indicates whether this security group rule template will be used in the default security group created automatically for each new project. |
| used_in_non_default_sg | body | boolean | Indicates whether this security group rule template will be used in custom security groups created by a project user. |
Example
# curl -ks -H 'Content-Type: application/json' -H 'X-Auth-Token: gAAAAA<...>' -d '
{
  "default_security_group_rule": {
    "direction": "ingress",
    "port_range_min": 80,
    "ethertype": "IPv4",
    "port_range_max": 80,
    "protocol": "tcp",
    "used_in_default_sg": true,
    "used_in_non_default_sg": true
  }
}' https://<node_IP_addr>:9696/v2.0/default-security-group-rules
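
Because the API accepts remote_group_id and remote_address_group_id without checking them, a client-side check before the POST can catch a bad reference and the other constraints from the parameter table early. This is an added example, not part of the original reference or of OpenStack's code: check_rule_template is a hypothetical helper, the sample UUIDs are constructed, and the sets of existing IDs are assumed to have been collected by the caller (for instance from GET /v2.0/security-groups).

```python
import ipaddress

# Protocol names from the request parameter table on this page.
PROTOCOLS = set("any ah dccp egp esp gre icmp icmpv6 igmp ipip ipv6-encap ipv6-frag ipv6-icmp "
                "ipv6-nonxt ipv6-opts ipv6-route ospf pgm rsvp sctp tcp udp udplite vrrp".split())
PORT_PROTOCOLS = {"tcp", "udp", "dccp", "sctp", "udplite", "6", "17", "33", "132", "136"}


def check_rule_template(rule, known_groups, known_address_groups=frozenset()):
    """Return problems in a default_security_group_rule body (hypothetical helper).
    known_* are UUIDs the caller confirmed exist, e.g. via GET /v2.0/security-groups."""
    problems = []
    if rule.get("direction") not in ("ingress", "egress"):
        problems.append("direction must be ingress or egress")
    ethertype = rule.get("ethertype")
    if ethertype not in (None, "IPv4", "IPv6"):
        problems.append("ethertype must be IPv4 or IPv6")
    proto = None if rule.get("protocol") is None else str(rule["protocol"]).lower()
    if proto is not None and proto not in PROTOCOLS and not (proto.isdigit() and int(proto) <= 255):
        problems.append(f"unknown protocol {proto}")
    lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
    if proto in PORT_PROTOCOLS and None not in (lo, hi) and int(lo) > int(hi):
        problems.append("port_range_min is greater than port_range_max")
    # The API accepts any UUID here, so existence is checked on the client side.
    for field, known in (("remote_group_id", known_groups),
                         ("remote_address_group_id", known_address_groups)):
        if rule.get(field) is not None and rule[field] not in known:
            problems.append(f"{field} {rule[field]} does not exist")
    prefix = rule.get("remote_ip_prefix")
    if prefix is not None and rule.get("remote_group_id") is not None:
        problems.append("set remote_group_id or remote_ip_prefix, not both")
    if prefix is not None:
        try:
            version = ipaddress.ip_network(prefix, strict=False).version
            if ethertype and ethertype != f"IPv{version}":
                problems.append("remote_ip_prefix does not match ethertype")
        except ValueError:
            problems.append("remote_ip_prefix is not a valid CIDR")
    return problems


# Constructed sample inputs: the UUIDs below are made up for the example.
EXISTING_GROUPS = {"11111111-2222-4333-8444-555555555555"}
GOOD = {"direction": "ingress", "ethertype": "IPv4", "protocol": "tcp",
        "port_range_min": 80, "port_range_max": 80}
BAD = dict(GOOD, port_range_min=443, remote_group_id="99999999-2222-4333-8444-555555555555")

if __name__ == "__main__":
    print(check_rule_template(GOOD, EXISTING_GROUPS), check_rule_template(BAD, EXISTING_GROUPS))
```
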
Response
Parameters
| Name | In | Type | Description |
|---|---|---|---|
| default_security_group_rule | body | object | A default_security_group_rule object. |
| id | body | string | The ID of the security group rule. |
| description | body | string | A human-readable description for the resource. |
| remote_group_id | body | string | The remote group UUID to associate with this security group rule. |
| remote_address_group_id | body | string | The remote address group UUID that is associated with this security group rule. |
| direction | body | string | Ingress or egress, which is the direction in which the security group rule is applied. |
| protocol | body | string | The IP protocol represented by a string, an integer, or null. The string any (or integer 0) means all IP protocols. |
| ethertype | body | string | Ethertype: IPv4 or IPv6. |
| port_range_max | body | integer | The maximum port number in the range that is matched by the security group rule. |
| port_range_min | body | integer | The minimum port number in the range that is matched by the security group rule. |
| remote_ip_prefix | body | string | The remote IP prefix that is matched by this security group rule. |
| used_in_default_sg | body | boolean | Indicates whether this security group rule template will be used in the default security group created automatically for each new project. |
| used_in_non_default_sg | body | boolean | Indicates whether this security group rule template will be used in custom security groups created by a project user. |
Status codes
Success
| Code | Reason |
|---|---|
| 201 - Created | Resource was created and is ready to use. |
Error
| Code | Reason |
|---|---|
| 400 - Bad Request | Some content in the request was invalid. |
| 401 - Unauthorized | User must authenticate before making a request. |
| 404 - Not Found | The requested resource could not be found. |
| 409 - Conflict | This operation conflicted with another operation on this resource. |
Example
{
  "default_security_group_rule": {
    "id": "eb8ad926-f5c9-4371-b35f-e69563b695ac",
    "ethertype": "IPv4",
    "direction": "ingress",
    "protocol": "tcp",
    "port_range_min": 80,
    "port_range_max": 80,
    "remote_ip_prefix": null,
    "remote_address_group_id": null,
    "remote_group_id": null,
    "description": "",
    "used_in_default_sg": true,
    "used_in_non_default_sg": true
  }
}